GCM in malicious attachments

Android OS offers an interesting service known as Google Cloud Messaging, or GCM. This service allows small (up to 4 KB) messages to be sent via the Google server from their mobile devices in JSON format. These messages may contain any structured data, such as links, advertising information, or commands.

In order to use this service, a developer must first receive a unique ID for his applications, which will be used to register the applications with GCM. After registration, the developer may send data to all devices on which the registered applications are installed, or to just some of them.

The service is used to determine the coordinates of stolen telephones, remote phone settings, send out messages about the release of new game levels, new products, and more.

It would be surprising, of course, if virus writers did not attempt to take advantage of the opportunities presented by this service. We have detected several malicious programs that use GCM as a C&C.

About site

This is experimental project, which search automatically antivirus, security, malware, etc. news and alerts. If you want add/delete source or post, let us know. We will add/delete it. We'd like make place, where you can find security information from various sources with correct backlink back to source.